Head of Information Security
Head of Information Security/£90,000 per annum/Nottinghamshire
Access IT & Digital Talent are partnering with a global organisation who are seeking a Head of Information Security to form a new department and all related activities.
I'm seeking a Head of InfoSec who will be responsible for overseeing and controlling all aspects of the client's Information Security function. The role entails identifying risks, planning and carrying out security improvements and other measures that will protect the business's data and information.
As Head of Information Security, you will operate as subject matter expert for Information Security from both a legislative and regulatory perspective. You will design, develop, standardise, coordinate and deploy information and technology security policies and procedures. You will be a proactive 'hands on' starter/finisher and enjoy responsibility. You will be strongly motivated to achieve positive results.
The ideal applicant will have enough experience to take control of InfoSec strategy, whilst having the technical competence to directly advise and support the deployment efforts on the front line.
This is a fantastic opportunity that offers the successful candidate the chance to come in and advise, guide and really make the Information Security function their own, with scope to build your own team. You will have autonomy for shaping and driving the strategy, implementation and operation of the Information Security agenda.
The salary on offer is up to £90,000 per annum. The role is a mixture of remote and office work based in Nottinghamshire.
- Advise, guide and drive forward the Information Security function to improve/mature the organisation's security posture
- Develop a complete set of Information Security standards, policies and procedures whilst continually monitoring information security controls, and the technical landscape for emerging threats
- Ensure that cyber security policies and procedures are creatively communicated to all personnel and that messaging is appropriate for a non-technical audience with the goal of developing security awareness across the business
- Play a key role in compliance reviews, certifications and accreditations (e.g. ISO27001, PCI-DSS, Cyber Essentials, GDPR etc.)
- Contribute to the overall business technology planning, providing input from a regulatory, legislative and best-practice perspective.
- Champion a programme of penetration testing, vulnerability fixing and patching/maintenance
- Provide proactive support and advice in investigations following breaches or incidents, including supporting the business to produce impact analysis and recommendations for avoiding similar exposure in future
- Set up and maintain relationships with relevant 3rd party vendors who will support InfoSec activities
- Keep abreast of the changing regulation and legislation surrounding InfoSec
Skills and qualifications.
- Relevant industry qualifications, such as CISM, CISSP, ISO27001 lead auditor or SANS GCIH, together with good working knowledge of applicable legal and regulatory legislation including GDPR and PCI Data Security Standards.
- Significant experience in the Information Security industry with a proven history of leading the delivery of Information Security programmes in a technical IT environment.
- Strong track record of identifying risks and issues, managing stakeholders and mobilising resources to drive remediation activities through to successful closure.
- Ability to translate strategic business priorities into technical solutions, and to clearly articulate these technical solutions to non-technical stakeholders in an easily understandable way.
- A strong technical background, ideally with strong knowledge of networks, IDS/IPS, vulnerability testing and Firewalls and the ability to develop highly technical solutions.
For a confidential discussion and further details on the role, please apply via the details provided.